The EU General Data Protection Regulation takes effect in one year (on May 25, 2018). It is replacing the Bundesdatenschutzgesetz (BDSG – German Data Protection Act). This will result in standard data protection rules in Europe and new requirements, particularly for companies that process customer data electronically. DEKRA suggests that companies now start adjusting their level of data protection to the new EU requirements.
This regulation (EU GDPR, EU regulation no. 2016/679) establishes standard requirements for collecting, processing, using, and storing personal data across Europe. New standards such as the “market location principle” were enacted for this. This means that the new rules apply even for US companies, for instance. In the future, the data protection authority where a company’s head offices are located will govern all branches in the EU.
There are also many new data protection requirements. For instance, data protection is reinforced through default settings that are conducive to protecting data. Stricter requirements will also apply for commissioned data processing. In the future, contractors will have to provide evidence that they are complying with regulations through a code of conduct or a certification. The new regulation also provides for larger fines, ranging up to 20 million euros.
As such, DEKRA’s data protection experts recommend checking now to determine whether a company’s data processing procedures fulfill the new requirements. This should be done in time for any necessary changes to be implemented before the regulation takes effect.